From 3017a405afe6fade2cb9845bb905b39741654ae8 Mon Sep 17 00:00:00 2001 From: ReenigneArcher <42013603+ReenigneArcher@users.noreply.github.com> Date: Sat, 12 Aug 2023 15:53:45 -0400 Subject: [PATCH] ci(codeql): detect cpp and charp (#1526) --- .codeql-prebuild-cpp.sh | 54 ++++++++++++++++++++++++++++++++++++ .github/workflows/codeql.yml | 17 ++++++++++-- 2 files changed, 69 insertions(+), 2 deletions(-) create mode 100644 .codeql-prebuild-cpp.sh diff --git a/.codeql-prebuild-cpp.sh b/.codeql-prebuild-cpp.sh new file mode 100644 index 00000000..b4461a20 --- /dev/null +++ b/.codeql-prebuild-cpp.sh @@ -0,0 +1,54 @@ +# install dependencies for C++ analysis + +sudo apt-get update -y +sudo apt-get install -y \ + build-essential \ + gcc-10 \ + g++-10 \ + libappindicator3-dev \ + libavdevice-dev \ + libboost-filesystem-dev \ + libboost-locale-dev \ + libboost-log-dev \ + libboost-program-options-dev \ + libcap-dev \ + libcurl4-openssl-dev \ + libdrm-dev \ + libevdev-dev \ + libmfx-dev \ + libnuma-dev \ + libopus-dev \ + libpulse-dev \ + libssl-dev \ + libva-dev \ + libvdpau-dev \ + libwayland-dev \ + libx11-dev \ + libxcb-shm0-dev \ + libxcb-xfixes0-dev \ + libxcb1-dev \ + libxfixes-dev \ + libxrandr-dev \ + libxtst-dev \ + wget + +# clean apt cache +sudo apt-get clean +sudo rm -rf /var/lib/apt/lists/* + +# Update gcc alias +# https://stackoverflow.com/a/70653945/11214013 +sudo update-alternatives --install \ + /usr/bin/gcc gcc /usr/bin/gcc-10 100 \ + --slave /usr/bin/g++ g++ /usr/bin/g++-10 \ + --slave /usr/bin/gcov gcov /usr/bin/gcov-10 \ + --slave /usr/bin/gcc-ar gcc-ar /usr/bin/gcc-ar-10 \ + --slave /usr/bin/gcc-ranlib gcc-ranlib /usr/bin/gcc-ranlib-10 + +# Install CUDA +sudo wget \ + https://developer.download.nvidia.com/compute/cuda/11.8.0/local_installers/cuda_11.8.0_520.61.05_linux.run \ + --progress=bar:force:noscroll -q --show-progress -O /root/cuda.run +sudo chmod a+x /root/cuda.run +sudo /root/cuda.run --silent --toolkit --toolkitpath=/usr --no-opengl-libs --no-man-page --no-drm +sudo rm /root/cuda.run diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 7cfd62a7..25669d8f 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -35,6 +35,8 @@ jobs: const supported_languages = ['cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift'] const remap_languages = { + 'c++': 'cpp', + 'c#': 'csharp', 'kotlin': 'java', 'typescript': 'javascript', } @@ -45,7 +47,7 @@ jobs: "include": [] } - for (const [key, value] of Object.entries(response.data)) { + for (let [key, value] of Object.entries(response.data)) { // remap language if (remap_languages[key.toLowerCase()]) { console.log(`Remapping language: ${key} to ${remap_languages[key.toLowerCase()]}`) @@ -95,6 +97,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v3 + with: + submodules: recursive # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL @@ -109,8 +113,17 @@ jobs: # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs # queries: security-extended,security-and-quality + # Pre autobuild + # create a file named .codeql-prebuild-${{ matrix.language }}.sh in the root of your repository + - name: Prebuild + run: | + # check if .qodeql-prebuild-${{ matrix.language }}.sh exists + if [ -f "./.codeql-prebuild-${{ matrix.language }}.sh" ]; then + echo "Running .codeql-prebuild-${{ matrix.language }}.sh" + ./.codeql-prebuild-${{ matrix.language }}.sh + fi + # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). - # TODO: If this step fails, then we need to create a method to build the project using an automated method. - name: Autobuild uses: github/codeql-action/autobuild@v2